Potential ShellDispatch.DLL Sideloading

Sigma Rules

Summary
This detection rule identifies potential side-loading of the DLL file "ShellDispatch.dll". DLL side-loading is a technique in which an attacker places a malicious library where a legitimate application will load it in place of the genuine one, so that the attacker's code runs inside a trusted, often signed, process. The rule matches image-load events in which the loaded image path ends with "\ShellDispatch.dll", and then filters out loads where that path sits in common installer staging locations such as the user's AppData temp directory or the Windows Temp directory. Standard application installers routinely extract and load helper DLLs from those temporary directories, so excluding them reduces false positives; the trade-off is that a copy staged in one of those directories is not alerted on by this rule and needs separate coverage. The rule targets Windows systems and is intended to surface the defense-evasion and privilege-escalation activity that relies on this DLL being loaded from an unexpected location.
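The matching logic described above, run over a handful of constructed image-load events, as an added example. This is not the Sigma rule itself or the project's code: it assumes Sysmon Event ID 7-style events with an `ImageLoaded` field, and the two exclusion patterns are approximations of the "AppData" and "Windows Temp" filters the summary mentions, not the rule's exact strings.

```python
# Added example: minimal re-implementation of "selection and not filter" for the
# ShellDispatch.dll side-loading rule over constructed Sysmon-style events.
# The filter patterns are assumptions; consult the rule's YAML for the real ones.
import re

# Selection: loaded image path ends with "\ShellDispatch.dll".
# Sigma string matching is case-insensitive, so compare on lowercased input.
SUSPECT_SUFFIX = "\\shelldispatch.dll"

# Filter: installer staging directories the summary says are excluded (assumed shapes).
BENIGN_PATH_PATTERNS = [
    re.compile(r"\\appdata\\local\\temp\\", re.IGNORECASE),  # per-user temp dir
    re.compile(r"^c:\\windows\\temp\\", re.IGNORECASE),       # system temp dir
]


def is_sideload_candidate(event: dict) -> bool:
    """True when the event satisfies the selection and none of the filters."""
    loaded = event.get("ImageLoaded", "")
    if not loaded.lower().endswith(SUSPECT_SUFFIX):
        return False
    return not any(p.search(loaded) for p in BENIGN_PATH_PATTERNS)


def scan(events):
    """Return the events that would raise an alert under this rule."""
    return [e for e in events if is_sideload_candidate(e)]


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    # Installer extracting to the user's temp dir: filtered out.
    {"Image": r"C:\Users\alice\AppData\Local\Temp\setup.exe",
     "ImageLoaded": r"C:\Users\alice\AppData\Local\Temp\ShellDispatch.dll"},
    # Installer running from the Windows temp dir: filtered out.
    {"Image": r"C:\Windows\Temp\install.exe",
     "ImageLoaded": r"C:\Windows\Temp\ShellDispatch.dll"},
    # Load from an unexpected, user-writable directory: alert.
    {"Image": r"C:\Users\Public\updater.exe",
     "ImageLoaded": r"C:\Users\Public\ShellDispatch.dll"},
    # Same, with an upper-cased filename: still matches (case-insensitive).
    {"Image": r"C:\ProgramData\svc\host.exe",
     "ImageLoaded": r"C:\ProgramData\svc\SHELLDISPATCH.DLL"},
    # Unrelated DLL: no match.
    {"Image": r"C:\Windows\explorer.exe",
     "ImageLoaded": r"C:\Windows\System32\shell32.dll"},
]


if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print("ALERT", hit["Image"], "->", hit["ImageLoaded"])
```

The third and fourth events are the ones that fire; the first two show the cost of the filter: a DLL dropped into either temp directory slips past this rule, so hunts for ShellDispatch.dll should also consider the loading process (the `Image` field) rather than the loaded path alone.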
Categories
  • Windows
  • Endpoint
Data Sources
  • Image
Created: 2023-06-20